wangwei
/
cwetest
Not watched
1
0
Fork 0
Code
Releases 0 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
cwetest/CWE127_Buffer_Underread__CW...

257 lines
7.2 kB
Raw Permalink Blame History 

  1. /* TEMPLATE GENERATED TESTCASE FILE

  2. Filename: CWE127_Buffer_Underread__CWE839_connect_socket_01.c

  3. Label Definition File: CWE127_Buffer_Underread__CWE839.label.xml

  4. Template File: sources-sinks-01.tmpl.c

  5. */

  6. /*

  7.  * @description

  8.  * CWE: 127 Buffer Underread

  9.  * BadSource: connect_socket Read data using a connect socket (client side)

  10.  * GoodSource: Non-negative but less than 10

  11.  * Sinks:

  12.  *    GoodSink: Ensure the array index is valid

  13.  *    BadSink : Improperly check the array index by not checking to see if the value is negative

  14.  * Flow Variant: 01 Baseline

  15.  *

  16.  * */

  17. 

  18. #include "std_testcase.h"

  19. 

  20. #ifdef _WIN32

  21. #include <winsock2.h>

  22. #include <windows.h>

  23. #include <direct.h>

  24. #pragma comment(lib, "ws2_32") /* include ws2_32.lib when linking */

  25. #define CLOSE_SOCKET closesocket

  26. #else /* NOT _WIN32 */

  27. #include <sys/types.h>

  28. #include <sys/socket.h>

  29. #include <netinet/in.h>

  30. #include <arpa/inet.h>

  31. #include <unistd.h>

  32. #define INVALID_SOCKET -1

  33. #define SOCKET_ERROR -1

  34. #define CLOSE_SOCKET close

  35. #define SOCKET int

  36. #endif

  37. 

  38. #define TCP_PORT 27015

  39. #define IP_ADDRESS "127.0.0.1"

  40. #define CHAR_ARRAY_SIZE (3 * sizeof(data) + 2)

  41. 

  42. #ifndef OMITBAD

  43. 

  44. void CWE127_Buffer_Underread__CWE839_connect_socket_01_bad()

  45. {

  46.     int data;

  47.     /* Initialize data */

  48.     data = -1;

  49.     {

  50. #ifdef _WIN32

  51.         WSADATA wsaData;

  52.         int wsaDataInit = 0;

  53. #endif

  54.         int recvResult;

  55.         struct sockaddr_in service;

  56.         SOCKET connectSocket = INVALID_SOCKET;

  57.         char inputBuffer[CHAR_ARRAY_SIZE];

  58.         do

  59.         {

  60. #ifdef _WIN32

  61.             if (WSAStartup(MAKEWORD(2,2), &wsaData) != NO_ERROR)

  62.             {

  63.                 break;

  64.             }

  65.             wsaDataInit = 1;

  66. #endif

  67.             /* POTENTIAL FLAW: Read data using a connect socket */

  68.             connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);

  69.             if (connectSocket == INVALID_SOCKET)

  70.             {

  71.                 break;

  72.             }

  73.             memset(&service, 0, sizeof(service));

  74.             service.sin_family = AF_INET;

  75.             service.sin_addr.s_addr = inet_addr(IP_ADDRESS);

  76.             service.sin_port = htons(TCP_PORT);

  77.             if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR)

  78.             {

  79.                 break;

  80.             }

  81.             /* Abort on error or the connection was closed, make sure to recv one

  82.              * less char than is in the recv_buf in order to append a terminator */

  83.             recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0);

  84.             if (recvResult == SOCKET_ERROR || recvResult == 0)

  85.             {

  86.                 break;

  87.             }

  88.             /* NUL-terminate the string */

  89.             inputBuffer[recvResult] = '\0';

  90.             /* Convert to int */

  91.             data = atoi(inputBuffer);

  92.         }

  93.         while (0);

  94.         if (connectSocket != INVALID_SOCKET)

  95.         {

  96.             CLOSE_SOCKET(connectSocket);

  97.         }

  98. #ifdef _WIN32

  99.         if (wsaDataInit)

  100.         {

  101.             WSACleanup();

  102.         }

  103. #endif

  104.     }

  105.     {

  106.         int buffer[10] = { 0 };

  107.         /* POTENTIAL FLAW: Attempt to access a negative index of the array

  108.          * This check does not check to see if the array index is negative */

  109.         if (data < 10)

  110.         {

  111.             printIntLine(buffer[data]);

  112.         }

  113.         else

  114.         {

  115.             printLine("ERROR: Array index is too big.");

  116.         }

  117.     }

  118. }

  119. 

  120. #endif /* OMITBAD */

  121. 

  122. #ifndef OMITGOOD

  123. 

  124. /* goodG2B uses the GoodSource with the BadSink */

  125. static void goodG2B()

  126. {

  127.     int data;

  128.     /* Initialize data */

  129.     data = -1;

  130.     /* FIX: Use a value greater than 0, but less than 10 to avoid attempting to

  131.      * access an index of the array in the sink that is out-of-bounds */

  132.     data = 7;

  133.     {

  134.         int buffer[10] = { 0 };

  135.         /* POTENTIAL FLAW: Attempt to access a negative index of the array

  136.          * This check does not check to see if the array index is negative */

  137.         if (data < 10)

  138.         {

  139.             printIntLine(buffer[data]);

  140.         }

  141.         else

  142.         {

  143.             printLine("ERROR: Array index is too big.");

  144.         }

  145.     }

  146. }

  147. 

  148. /* goodB2G uses the BadSource with the GoodSink */

  149. static void goodB2G()

  150. {

  151.     int data;

  152.     /* Initialize data */

  153.     data = -1;

  154.     {

  155. #ifdef _WIN32

  156.         WSADATA wsaData;

  157.         int wsaDataInit = 0;

  158. #endif

  159.         int recvResult;

  160.         struct sockaddr_in service;

  161.         SOCKET connectSocket = INVALID_SOCKET;

  162.         char inputBuffer[CHAR_ARRAY_SIZE];

  163.         do

  164.         {

  165. #ifdef _WIN32

  166.             if (WSAStartup(MAKEWORD(2,2), &wsaData) != NO_ERROR)

  167.             {

  168.                 break;

  169.             }

  170.             wsaDataInit = 1;

  171. #endif

  172.             /* POTENTIAL FLAW: Read data using a connect socket */

  173.             connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);

  174.             if (connectSocket == INVALID_SOCKET)

  175.             {

  176.                 break;

  177.             }

  178.             memset(&service, 0, sizeof(service));

  179.             service.sin_family = AF_INET;

  180.             service.sin_addr.s_addr = inet_addr(IP_ADDRESS);

  181.             service.sin_port = htons(TCP_PORT);

  182.             if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR)

  183.             {

  184.                 break;

  185.             }

  186.             /* Abort on error or the connection was closed, make sure to recv one

  187.              * less char than is in the recv_buf in order to append a terminator */

  188.             recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0);

  189.             if (recvResult == SOCKET_ERROR || recvResult == 0)

  190.             {

  191.                 break;

  192.             }

  193.             /* NUL-terminate the string */

  194.             inputBuffer[recvResult] = '\0';

  195.             /* Convert to int */

  196.             data = atoi(inputBuffer);

  197.         }

  198.         while (0);

  199.         if (connectSocket != INVALID_SOCKET)

  200.         {

  201.             CLOSE_SOCKET(connectSocket);

  202.         }

  203. #ifdef _WIN32

  204.         if (wsaDataInit)

  205.         {

  206.             WSACleanup();

  207.         }

  208. #endif

  209.     }

  210.     {

  211.         int buffer[10] = { 0 };

  212.         /* FIX: Properly validate the array index and prevent a buffer underread */

  213.         if (data >= 0 && data < (10))

  214.         {

  215.             printIntLine(buffer[data]);

  216.         }

  217.         else

  218.         {

  219.             printLine("ERROR: Array index is out-of-bounds");

  220.         }

  221.     }

  222. }

  223. 

  224. void CWE127_Buffer_Underread__CWE839_connect_socket_01_good()

  225. {

  226.     goodG2B();

  227.     goodB2G();

  228. }

  229. 

  230. #endif /* OMITGOOD */

  231. 

  232. /* Below is the main(). It is only used when building this testcase on

  233.    its own for testing or for building a binary to use in testing binary

  234.    analysis tools. It is not used when compiling all the testcases as one

  235.    application, which is how source code analysis tools are tested. */

  236. 

  237. #ifdef INCLUDEMAIN

  238. 

  239. int main(int argc, char * argv[])

  240. {

  241.     /* seed randomness */

  242.     srand( (unsigned)time(NULL) );

  243. #ifndef OMITGOOD

  244.     printLine("Calling good()...");

  245.     CWE127_Buffer_Underread__CWE839_connect_socket_01_good();

  246.     printLine("Finished good()");

  247. #endif /* OMITGOOD */

  248. #ifndef OMITBAD

  249.     printLine("Calling bad()...");

  250.     CWE127_Buffer_Underread__CWE839_connect_socket_01_bad();

  251.     printLine("Finished bad()");

  252. #endif /* OMITBAD */

  253.     return 0;

  254. }

  255. 

  256. #endif